10
2
I have my Linux /home partition encrypted using ecryptfs, my Linux install is no longer working and I'd like to access files stored on that partition from Windows.
Is there a tool/procedure that would allow me to do this?
mdeous
Posted 2013-10-31T15:13:13.773
Reputation: 223
10
eCryptfs is a filesystem built into the Linux kernel. There is no way to decrypt this data from within Windows.
You can, however, boot an Ubuntu LiveCD, decrypt and recover your data (assuming your have the required keys), using the ecryptfs-recover-private utility.
Complete instructions can be found here:
Full disclosure: I am one of the authors and maintainers of eCryptfs.
Dustin Kirkland
Posted 2013-10-31T15:13:13.773
Reputation: 7 101
@Redsandro cygwin + vagrant can do this, I added an answer on how to – Jonathan – 2017-11-21T23:37:06.203
1that's bad news, and unfortunately I can't use a LiveCD, but I'll do this from a virtual machine, this should work. thank you. – mdeous – 2013-11-04T19:51:59.073
4@Dustin Kirkland: How (im)possible is it to get eCryptfs running on Windows one way or the other (Cygwin, MinGW), like EncFS? I think it would be invaluable to have a solid Linux-native encryption system compatible-ish with Windows. Sarah Dean made LUKS work in Windows with FreeOTFE, but she and/or the project died before it was signed. – Redsandro – 2014-02-04T14:57:59.100
0
Since ecryptfs was written as a kernel module, the "tool" to do this is, well, a Linux kernel.
But then we still have to copy the data to windows or read it from within linux.
Thankfully we can use automation tools to download, install, setup, and run a Linux kernel in windows with some savvy windows shell commands. Vagrant handles sharing folders between Windows and Ubuntu easily, and can be installed via a few commands in windows
Before we get started, if you want to copy your encrypted files (including meta directories) from an ext4 partition to NTFS, I recommend Disk Internals Linux Reader, but if you're savvy with the unix mount command you can skip this step (I just prefer GUI's to the mount command)
Install vagrant via official installer (chocolatey ports not recommended)
In windows admin prompt (Hit windows key and type command, then right-click run as admin):
Install chocolatey then restart the admin command prompt and type:
choco install Cygwin cyg-get
In cygwin prompt (Hit windows key and type cygwin):
cyg-get install
# ASSUMING you copied all the decrypted files to windows, otherwise use mount method below
cd /cygdrive/c/<path to where encryptfs folder is located in windows>
# Either way:
vagrant init ubuntu/xenial64
vagrant up
vagrant ssh
You should be in ubuntu shell via a Virtual Machine now:
sudo apt update
sudo apt install ecrypt-utils tree -y
# At this point you can use mount command, or if you just have the raw files on disk:
cd /vagrant/.ecryptfs
ls
cd myusername
ls .Private
# Either way, let's decrypt
# This WILL fail the first time due a strange bug,
ecrypt-recover-private .Private
# We will start and cancel a mount to fix the bug.
# Choose defaults for everything except passphrase (just press ENTER repeatedly)
sudo mount -t ecryptfs .Private/ decrypted
# Then cancel the mount
Would you like to proceed with the mount (yes/no)? : no
# Now that we fixed the bug with a canceled mount, let's actually recover:
ecrypt-recover-private .Private
# Now that should succeed, so see your data with this
tree /tmp
If this fails you may want to make sure you have the wrapped password file (sudo updatedb && locate wrapped-passphrase) or look into inserting the wrapped passphrase into the key ring
Still having issues? Try the mount method. You can also fiddle around with the following (more details here):
sudo mount -t ecryptfs /dev/mydevicehere decrypted
Note that you can do this mount without having copied ANY files from ext4 to NTFS, and skip some steps.
Once you are successful, if you want these files accessible to windows, simply copy them into /vagrant with the cp command -- be aware you are duplicating data by doing this.
All done? Happy? Exit the Ubuntu VM by typing exit and then shut it down by typing vagrant halt, and remove the VM by typing vagrant destroy
Jonathan
Posted 2013-10-31T15:13:13.773
Reputation: 1 287
Still no tool to do this as of 2017, I presume ? – sylvainulg – 2017-09-18T08:46:34.430
@sylvainulg If you consider 'vagrant' a tool, check out my latest answer in 2017 – Jonathan – 2017-11-21T23:33:51.267